LWDW 197: Achieving Malware Parity

ACBackdoor gets a Windows port! Debian 10 invades Chrome OS, writing user space USB drivers for abandoned hardware, and managing radio stations with open-source software. All this, plus your emails.



Timestamps:
04:13 ACBackdoor Linux malware
07:03 ChromeOS 80
08:58 Debian 10.2
12:33 Brave 1.0
15:03 PIA Acquisition
18:13 USB drivers for abandoned devices
22:23 Open-source radio
25:28 Linux supercomputers
28:38 Popcorn computer
32:38 404 Snap not found
38:03 GitHub archive program
40:58 Shameless self promotion
43:13 PiVidBox
46:38 Emails


Colour key – Venn Jill Pedro

New Malware 

  • I can think of exactly two attack vectors that the dumbest of morons would fall for. 
  • Yeah, I’m looking at you game thieves & Kodi users. 
  • It’s not the most clever of malwares… that’s for sure.

 

ChromeOS 80 Debian 10

  • Last week we talked about Chrome OS 78 rolling out, and now Chrome OS 80 is expected to be released for all users in February 2020.
  • Having the latest stable release of Debian 10 “Buster” will allow the use of newer software.
  • And with the Crostini GPU support now being enabled by default with Chrome OS 78, using graphics applications like GIMP and Blender should be much smoother.
  • Android App Sideloading without developer mode enabled

 

Debian 10.2

  • For the most part it’s a gang of security updates. 
  • Didn’t break anything on this end, that I know of.
  • In the debian-installer fixed unreadable fonts on hidpi displays in netboot images booted with EFI.
    • I have occasionally had weird debian-installer unreadable, corrupt, or just too small fonts to read on some displays when using EFI and netboot.

 

Brave first Stable

  • One of my favorite Chromium based web browsers, Brave, is now out of Beta, and the first stable release is here.
  • I use this privacy-focused web browser on many of my computers and Android as well.
  • And Brave not only has the added benefit of blocking ads and trackers, but loads web pages faster as a result.

 

PIA Acquisition

  • Kape Technologies bought PIA and parent company LTMI.
  • Also covered their $32M debt, which is nice!
  • PIA says Kape were one of if not the only company that agreed to trade monies without wanting them to keep logs.
  • I’m willing to wait and see what they do.
  • I did pay for 3 years of PIA.
  • PIA is rolling out a new search engine Private Search which cryptographically protects your privacy.  It is available for testing now and works well.
  • Also a new web browser based on Chromium called Libre Browser for Linux, Mac and Windows that protects your privacy.

 

Reverse engineering drivers 

  • As someone who was trying to reverse engineer the Quickcam VC while in university, yeah, this speaks to me. 
  • Yeah, this reminds me of when I was working on getting one of my RealMagic Hollywood+ MPEG2 decoder cards working on Linux, when FFmpeg and V4L were in their infancy.
  • Dude picked up some cheap VGA to USB capture devices off the Ebay. 
  • The binary drivers existed but would not work with kernel 4.19+
  • Believing it to be no more than an FPGA on a stick our intrepid hero got to work. 
  • Much USB snooping and typos were had. 
  • Discovering an SDK sped up the process. 
  • Moral of the story?
  • The quickest way to get Linux drivers for your device is to never release them or stop providing updates. 
  • I still need to tinker with Ghidra. 

 

Open source radio 

  • Unfortunately here in the US we can’t use open source software for emergency alert systems, but instead have to buy expensive proprietary boxes from US manufacturers that are certified by the FCC.
  • If you’re already paying for a broadcast license, you might as well save some money on the software.
  • All of Open Broadcaster’s source code is released to the public under the AGPLv3 open source license.
  • Open Broadcaster works with Raspberry Pi as well.
  • Mandatory paid subscription, unlock codes or dongles NOT required for full operation.
  • A station in Kentucky even sponsored the development of a royalty reporting tool that was released for everyone to use.

 

It’s always Linux 

  • When your desktop OS can moonlight at exoscale proportions.
  • The top 500 supercomputers in the world as we know all run Linux, but now they reach the average speed of 1.14 petaflops!!!
  • In the top spot is the IBM built supercomputer The Oak Ridge National Laboratory’s Summit system which clocks in at 148.6 petaflops, and uses Power9 CPUs and NVIDIA Tesla V100 GPUs.
  • In second place is the Lawrence Livermore National Laboratory’s Sierra system supercomputer using Power9 CPUs also, and clocks in at 94.6 petaflops.
  • Even in desktop land this trend is very much on display.
  • If you go look in the Geekbench Result Browser, for any one given processor/laptop, the Linux results tend to come out on top.

 

Popcorn computer

  • Beautifully designed, simple and elegant.
  • My only hesitation is the silicone based keyboard.
  • Have never been a fan of these ever since the rubbery keys of the ZX Spectrum.
  • Considering the price, I’d still much prefer the Pine Pro.
  • That’s to say, I still wouldn’t spend 200 wet stinky cashes on a toy.

 

Snap vs Flatpak

 

GitHub Archive

  • Wow, ok, when we talked about the post apocalyptic Linux distribution CollapseOS two weeks ago I talked about The Long Now Foundation and the 10,000 Year Clock as a good example of creating technology that is preserved for the future.
  • Now GitHub has created the GitHub Archive Program which is formed to preserve open source software for future generations.
  • And is teaming up with The Long Now Foundation, the Internet Archive, the Software Heritage Foundation, Arctic World Archive, Microsoft Research, the Bodleian Library, and Stanford Libraries.
  • Bit-rot on hard drives, SSDs, CDs is a problem because these storage mediums only last for a few decades.
  • The GitHub Archive Program will store multiple copies of the software on various storage mediums across different locations and data formats.
  • Get your code into the GitHub Arctic Code Vault by 02/02/2020.  It’s a very-long-term archive designed to last at least 1,000 years.
  • I hope Microsoft’s involvement is mostly monetary.

Slice of Pi

Endless music Pi 

  • It’s a simple enough script to change say from /media/user to ~/nfs or some other network file share.
  • Raspberry Pi Video Box, a great way to repurpose old PIs and thumb drives as a super simple to use media box.
  • The creator of the project set this up to endlessly play videos off thumb drives, especially old shows, like Seinfeld.

Feedback

Capture cards

  • The best solution I have found (on the cheap) is the $60 USB encoder. 
  • It will get the job done but stripping DHCP is not a feature you will find in any capture device. 
  • Go for a Blackmagic if you want things to just Work ™  
  • Magewell if you have the money to burn and require Video4Linux support. 

 

Hard Wood

 

Pi Learning 

  • I forgot about actually running the predictions.